September 20, 2022 LastPass Says Hackers Accessed Systems for 4 Days The world’s most popular password manager, LastPass, has provided more information on its August 2022 cyberattack and data breach. The forensic investigation has confirmed that ... Read more
September 13, 2022 Ransomware Gangs Adopt Stealthier Technique That Accelerates Encryption Process Several ransomware gangs have changed their file encryption techniques, and instead of encrypting entire files they are now opting for intermittent encryption, with files only ... Read more
September 8, 2022 Almost 200,000 Accounts Compromised in The North Face Credential Stuffing Campaign Customers of the outdoor clothing company, The North Face, said the online accounts of almost 200,000 customers have been compromised. Unusual activity was detected in ... Read more
September 7, 2022 Ransomware Warning Issued to U.S. School Districts Following Major Attack 2nd Largest U.S. School District The Federal Bureau of Investigation (FBI), Cybersecurity and Infrastructure Security Agency (CISA), and the Multi-State Information Sharing and Analysis Center (MS-ISAC), have issued a joint ... Read more
September 6, 2022 TikTok Denies Theft of 2 Billion Data Records and Source Code On September 3, 2022, a hacker operating under the name of AgainstTheWest claimed on a hacking forum that TikTok and WeChat had been breached and ... Read more
August 31, 2022 What Happens If My Password Manager is Hacked? If you follow the news, or if you use the LastPass password manager, you will no doubt be aware that LastPass was hacked this month, ... Read more
August 30, 2022 Mid-Year Threat Report Suggests Ransomware Losses Likely to Exceed $30 Billion by 2023 Ransomware is the most serious threat to large and medium-sized businesses, and global ransomware damages have been predicted to exceed $30 billion by 2023, according ... Read more
August 26, 2022 LastPass Hacked: Source Code Stolen LastPass, one of the world’s most popular password managers, has confirmed it has been hacked and portions of its source code have been stolen. Password ... Read more
August 24, 2022 Residential Proxies Increasingly Used to Hide Credential Stuffing Attacks Cyber threat actors are increasingly using hacked residential routers to hide their credential stuffing attacks, according to a recent alert from the Federal Bureau of ... Read more
August 18, 2022 Hackers are Actively Exploiting 5 Vulnerabilities in the Zimbra Collaboration Suite Five vulnerabilities have been identified in the Zimbra Collaboration Suite (ZCS) that are being actively exploited in the wild. The U.S. Cybersecurity and Infrastructure Security ... Read more
August 15, 2022 Conti Ransomware Groups Using Callback Phishing to Gain Access to Victims’ Networks Three groups that split from the Conti ransomware operation are primarily gaining access to victims’ networks using callback phishing tactics, according to cybersecurity firm AdvIntel. ... Read more
August 12, 2022 Ransomware Gangs are Weaponizing Their Stolen Data and Making BEC Attacks Easier Business email compromise (BEC) attacks have been increasing. According to the Federal Bureau of Investigation (FBI), BEC attacks are the costliest type of cybercrime and ... Read more
August 11, 2022 Ransomware Attack on CISCO Used an Employee’s Compromised Personal Google Account CISCO has confirmed that the initial access to its network in an attempted May 2022 ransomware attack was a compromised employee’s personal Google account. The ... Read more
August 9, 2022 Sophisticated Twilio Smishing Attack Sees Accounts and Customer Data Compromised The digital communication platform provider Twilio has confirmed that multiple employees have been tricked into disclosing their account credentials in a smishing attack. Smishing is ... Read more
August 8, 2022 NHS 111 Services Disrupted by Cyberattack on Managed Service Provider The National Health Service (NHS) in the United Kingdom is currently dealing with a cyberattack on one of its managed service providers, Advanced. Birmingham-based Advanced ... Read more
August 4, 2022 97% of Top Universities Failing to Adequately Protect Against Email Impersonation Attacks Domain spoofing is a common tactic used by phishers to trick victims into believing they have received an official email from a trusted business or ... Read more
August 3, 2022 87% of Ransomware Uses Malicious Macros to Infect Devices Microsoft recently rolled out a new security feature that would block macros by default. There was a hiccup in that process, as Microsoft had to ... Read more
July 29, 2022 Data Breach Costs Reach Record High of $4.35 Million; $9.4m in the US The average cost of a data breach in 2022 has risen to $4.35 million and $9.4 million in the United States, according to the 2022 ... Read more
July 27, 2022 LinkedIn Remains the Most Impersonated Brand in Phishing Attacks The Q2, 2022 Brand Phishing Report from cybersecurity firm Check Point shows LinkedIn is still the most impersonated brand in phishing attempts, having first entered ... Read more
July 18, 2022 North Korean Hackers Behind HolyGhost Ransomware Attacks on SMBs A ransomware family called HolyGhost that is being used in attacks on SMBs has been linked to a suspected North Korean state-sponsored hacking group by ... Read more
July 15, 2022 Web Server Hacking Incident Results in $875,000 HIPAA Fine for Oklahoma State University On January 5, 2018, Oklahoma State University – Center for Health Sciences (OSU-CHS) reported a web server hacking incident to the U.S. Department of Health ... Read more
July 13, 2022 Massive Phishing Campaign Bypasses MFA to Gain Access to Office 365 Accounts for BEC Attacks This week, Microsoft shared details of a massive phishing campaign that has targeted more than 10,000 organizations since September 2021. The campaign targets organizations that ... Read more
July 5, 2022 Hacker Claims Records of 1 Billion Chinese Nationals Stolen from Shanghai National Police A hacker operating under the name ChinaDan claims to have stolen over 23 terabytes of data from Shanghai National Police (SHGA) databases. The dataset includes ... Read more
June 30, 2022 New AstroLocker Ransomware Variant Detected Being Distributed Directly Through Email Attachments A new version of AstroLocker ransomware has been detected which is being delivered directly via email attachments. Astrolocker is a relatively new ransomware threat that ... Read more
June 23, 2022 Cybersecurity Agencies Recommend Using PowerShell to Improve Forensics and Incident Response Windows PowerShell is a useful and powerful scripting language and configuration management tool that can be used by Windows and system administrators for creating scripts ... Read more
June 22, 2022 SharePoint and OneDrive Files Could be Vulnerable to Ransomware Attacks A potential vulnerability has been identified in Office 365 and Microsoft 365 that could be exploited by ransomware gangs to encrypt files stored on SharePoint ... Read more
June 17, 2022 Exposed Elasticsearch Instance Exposed the Data of Millions of BeanVPN Users 18.5GB of connection logs of individuals who use the free Virtual Private Network (VPN) service provided by BeanVPN have been exposed over the Internet. The ... Read more
June 6, 2022 Feds Announce Seizure of Domains Used for Selling Stolen Credentials and Conducting DDoS Attacks The Department of Justice (DOJ) and the Federal Bureau of Investigation (FBI) have announced they have seized the domain weleakinfo.to, along with two related domains ... Read more
June 2, 2022 3.6 Million MySQL Servers are Exposed to the Internet and Responding to Queries The cybersecurity research group, The Shadowserver Foundation, has identified 3.6 million MySQL servers that are using the default TCP port 3306 and are exposed to ... Read more
May 27, 2022 General Motors Customers Targeted in Credential Stuffing Attack General Motors has announced that certain customer accounts have been accessed by unauthorized individuals. Between April 11 and April 29, 2022, suspicious logins were detected ... Read more